On 7/18/2019 5:46 PM, Herbert Xu wrote: > On Thu, Jul 18, 2019 at 05:43:04PM +0300, Iuliana Prodan wrote: >> Based on seqiv, IPsec ESP and rfc4543/rfc4106 the assoclen can be 16 or >> 20 bytes. >> >> >From esp4/esp6, assoclen is sizeof IP Header. This includes spi, seq_no >> and extended seq_no, that is 8 or 12 bytes. >> In seqiv, to asscolen is added the IV size (8 bytes). >> Therefore, the assoclen, for rfc4543, should be restricted to 16 or 20 >> bytes, as for rfc4106. >> >> Signed-off-by: Iuliana Prodan <iuliana.prodan@xxxxxxx> > > Why does this matter? Is it for the fuzz test? > > Cheers, > Yes, this is for fuzz testing. The generic implementation for rfc4543 considers any assoclen valid, which is not correct. Regards, Iulia